The information assets, including the customer information handled in our business, are extremely important as the foundation of our management. Those who handle information assets, including executives and employees who recognize the importance of protecting information assets from risks such as leakage, damage, and loss, will comply with this policy and practice activities to maintain information security such as confidentiality, integrity, and availability of information assets.
② Basic Policy
(1) To protect information assets, we will establish information security policies and related regulations and conduct business in accordance with them. We will also comply with laws, regulations, other norms related to information security, and contractual obligations with customers.
(2) We will clearly define standards for analyzing and evaluating risks such as leakage, damage, and loss of information assets and establish a systematic risk assessment method. We will conduct periodic risk assessments based on the results and implement necessary and appropriate security measures.
(3) We will establish an information security system centered on responsible executives and clarify the authority and responsibilities related to information security. In addition, we will conduct regular education, training, and awareness-raising to ensure that all employees recognize the importance of information security and handle information assets appropriately.
(4) We will regularly inspect and audit compliance with information security policies and the handling of information assets, and promptly take corrective measures for any deficiencies or improvement items discovered.
(5) We will take appropriate measures in the event of information security events or incidents and establish response procedures in advance to minimize damage if they occur. In the event of a crisis, we will respond promptly and take appropriate corrective measures. In particular, we will establish a management framework for incidents that may cause business interruptions and ensure business continuity through regular review.
(6) We will establish an information security management system that sets goals for achieving the basic policy, execute it, and continuously review and improve it to achieve the basic philosophy.